PT-2024-4157 · Adobe · Acrobat Reader

Published

2024-05-14

Updated

2024-12-02

CVE-2024-30279

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier

Description The issue is related to an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, where a victim must open a malicious file. This vulnerability is associated with a buffer overflow in memory, which can allow an attacker to execute arbitrary code.

Recommendations For Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier, update to a version that is not affected by this issue to prevent arbitrary code execution. As a temporary workaround, consider avoiding the use of JPEG2000 file parsing until a patch is available. Restrict access to malicious files to minimize the risk of exploitation.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2024-04641

CVE-2024-30279

ZDI-24-493

Affected Products

Acrobat Reader

PT-2024-4157 · Adobe · Acrobat Reader

CVE-2024-30279

Weakness Enumeration

Related Identifiers

Affected Products

References · 7